Handiest way to verify a signature in isolation

[edmundedgar]

So I've been hacking on bitcore.io trying to do some (hopefully not for much longer, Inshallah) non-standard transactions with it, and I'm finding they're getting rejected by my testnet node for being invalid. I can generate the same transactions with a python script I made earlier and get them accepted and mined OK, and the hash that's getting passed to the sign code seems to be the same in both cases, so I reckon I'm somehow screwing up the actual signature creation rather than elsewhere in the script, but I'd like to test the signatures in isolation to be sure and confirm that the ones getting created by my JavaScript are definitely wonky where the ones created by my Python code are good.

Any suggestions for an easy, hard-to-screw-up-when-sleep-deprived way to verify a signature in isolation? I'm wondering if I can do something like (made-up options follow):

Code:

openssl --i-would-like-to-verify-a-signature-please --ecdsa-something-or-other <pubkey> <hash_that_gets_passed_in_for_signing> <signature>

[1715145345]

1715145345

[dexX7]

Probably not exatly what you are looking for, but you may could give python-bitcoinlib a try:

https://github.com/petertodd/python-bitcoinlib/blob/master/examples/spend-pay-to-script-hash-txout.py

[12648430]

bitcoind has some unit tests that are exactly what you want; you could copy one, put in your own values, and run it as a bitcoind test. You could do it with openssl but you'd probably need to convert the pubkey into an openssl-compatible format somehow.

[edmundedgar]

Thanks for the suggestions. I ended up doing it the other way: Instead of verifying the signatures my JavaScript was emitting, I plugged in a couple of signatures for the same transaction from my Python code to prove that the rest of the JavaScript was OK and figured it out that way. (Seems like my signatures were OK but I had them in the wrong order, which results in OP_CHECKMULTISIG reporting an invalid signature???)

[Aleksei Richards]

Thanks for the suggestions. I ended up doing it the other way: Instead of verifying the signatures my JavaScript was emitting, I plugged in a couple of signatures for the same transaction from my Python code to prove that the rest of the JavaScript was OK and figured it out that way. (Seems like my signatures were OK but I had them in the wrong order, which results in OP_CHECKMULTISIG reporting an invalid signature???)

Yes you do need them in the correct order as I've just found out.